Control Web Panel

Security => CSF Firewall => Topic started by: yeknafar on July 21, 2018, 02:56:56 PM

Title: (Unknown) blocked with too many connections
Post by: yeknafar on July 21, 2018, 02:56:56 PM
Hello

Sometimes I recive an email with this subject and my own IPv6 that shows

Connections: 209
Blocked:     Temporary Block for 43200 seconds [CT_LIMIT]


And a long list of Connections like this:


tcp6: 0:0:0:0:My own IPv6 :45334 -> 0:0:0:0:0My own IPv6 :8181 (TIME_WAIT)



What's the reason?

Thanks
Title: Re: (Unknown) blocked with too many connections
Post by: studio4host on July 22, 2018, 08:42:43 AM
###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300.
#
# To disable this feature, set this to 0
CT_LIMIT = "0"

Check for lin number in the config file: /etc/csf/csf.conf 
Code: [Select]
grep -n CT_LIMIT /etc/csf/csf.conf     
1549:CT_LIMIT = "0"